16

I've a Kotlin project which uses Guice for DI and has recently been updated from JDK 8 -> 11. It now emits the following error at runtime:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/Users/matt/.gradle/caches/modules-2/files-2.1/com.google.inject/guice/4.2.2/6dacbe18e5eaa7f6c9c36db33b42e7985e94ce77/guice-4.2.2.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

How should this warning be addressed?

Matt R
  • 9,892
  • 10
  • 50
  • 83
  • 4
    See https://github.com/google/guice/issues/1133 – Stefan Zobel Sep 30 '19 at 11:42
  • 3
    Thanks for the link @StefanZobel -- I have to admit, after having a look through the (fairly long) thread on that issue, it's not clear to me whether this is a case of "wait for Guice to fix it", or if there is some fix that can be applied in the mean time. – Matt R Sep 30 '19 at 14:01
  • 3
    My understanding is that cglib 3.2.5 added support for using Methodhandles.Lookup.defineClass. This is the supported API for injecting a class into the same run-time package as another class. My reading of the Guice issue is that it bundles or re-packages a copy of cglib, I can't tell which version, but it might be an old version that relies on hacking the non-public ClassLoader.defineClass method The "Illegal reflective access" warning is important as the hack will break once java.base is full encapsulated. – Alan Bateman Sep 30 '19 at 14:35
  • Also see https://github.com/google/guice/issues/1216 – Richard Logwood Aug 14 '20 at 23:03
  • 2
    Confirmed this is now fixed in Guice 5.0.1 as of Feb 2021. – Manabu Tokunaga Mar 08 '21 at 00:43

2 Answers2

9

The issue is due to how Guice internally accesses Java objects, which is unsafe under the new (Java 9+) Java Module System.

Also, starting with Java 16, this warning becomes an error, and the execution flag --illegal-access=permit must be specified manually to reproduce the behaviour of Java 9-15.

There is not much you can do to fix it; the best option is to upgrade to Guice 5.0.1, which has been patched to avoid illegal accesses. Your warning will disappear, and your application will work on Java 16+ with the default JVM behaviour.

Danilo Pianini
  • 966
  • 8
  • 19
2

As mentioned, it's better you just upgrade to Guice 5 where this is updated.

BUT ... just in case you are stuck with Guice 4 until you can make the upgrade, just start java with these extra parameters:

java --illegal-access=permit --add-opens java.base/java.lang=ALL-UNNAMED ...

and you are good to go !!

Carlos Saltos
  • 1,385
  • 15
  • 15